Skip to content
  1. Aug 06, 2014
    • Adam Langley's avatar
      Fix return code for truncated DTLS fragment. · aad61c0a
      Adam Langley authored 
      

Previously, a truncated DTLS fragment in
|dtls1_process_out_of_seq_message| would cause *ok to be cleared, but
the return value would still be the number of bytes read. This would
cause |dtls1_get_message| not to consider it an error and it would
continue processing as normal until the calling function noticed that
*ok was zero.

I can't see an exploit here because |dtls1_get_message| uses
|s->init_num| as the length, which will always be zero from what I can
see.

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
Reviewed-by: default avatarEmilia Käsper <emilia@openssl.org>
      aad61c0a
    • Adam Langley's avatar
      Fix memory leak from zero-length DTLS fragments. · 8ca4c4b2
      Adam Langley authored 
      

The |pqueue_insert| function can fail if one attempts to insert a
duplicate sequence number. When handling a fragment of an out of
sequence message, |dtls1_process_out_of_seq_message| would not call
|dtls1_reassemble_fragment| if the fragment's length was zero. It would
then allocate a fresh fragment and attempt to insert it, but ignore the
return value, leaking the fragment.

This allows an attacker to exhaust the memory of a DTLS peer.

Fixes CVE-2014-3507

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
Reviewed-by: default avatarEmilia Käsper <emilia@openssl.org>
      8ca4c4b2
    • Matt Caswell's avatar
      Fix DTLS handshake message size checks. · 0598468f
      Matt Caswell authored 
      

In |dtls1_reassemble_fragment|, the value of
|msg_hdr->frag_off+frag_len| was being checked against the maximum
handshake message size, but then |msg_len| bytes were allocated for the
fragment buffer. This means that so long as the fragment was within the
allowed size, the pending handshake message could consume 16MB + 2MB
(for the reassembly bitmap). Approx 10 outstanding handshake messages
are allowed, meaning that an attacker could consume ~180MB per DTLS
connection.

In the non-fragmented path (in |dtls1_process_out_of_seq_message|), no
check was applied.

Fixes CVE-2014-3506

Wholly based on patch by Adam Langley with one minor amendment.

Reviewed-by: default avatarEmilia Käsper <emilia@openssl.org>
      0598468f
    • Matt Caswell's avatar
      Added comment for the frag->reassembly == NULL case as per feedback from Emilia · ea7cb539
      Matt Caswell authored 
      

Reviewed-by: default avatarEmilia Käsper <emilia@openssl.org>
      ea7cb539
    • Adam Langley's avatar
      Avoid double free when processing DTLS packets. · 49850075
      Adam Langley authored 
      The |item| variable, in both of these cases, may contain a pointer to a
|pitem| structure within |s->d1->buffered_messages|. It was being freed
in the error case while still being in |buffered_messages|. When the
error later caused the |SSL*| to be destroyed, the item would be double
freed.

Thanks to Wah-Teh Chang for spotting that the fix in 1632ef74

 was
inconsistent with the other error paths (but correct).

Fixes CVE-2014-3505

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
Reviewed-by: default avatarEmilia Käsper <emilia@openssl.org>
      49850075
  3. Aug 01, 2014
  5. Jul 30, 2014
  7. Jul 24, 2014
    • Dr. Stephen Henson's avatar
      Add conditional unit testing interface. · 789b1259
      Dr. Stephen Henson authored 
      

Don't call internal functions directly call them through
SSL_test_functions(). This also makes unit testing work on
Windows and platforms that don't export internal functions
from shared libraries.

By default unit testing is not enabled: it requires the compile
time option "enable-unit-test".
Reviewed-by: default avatarGeoff Thorpe <geoff@openssl.org>
(cherry picked from commit e0fc7961)

Conflicts:

	ssl/heartbeat_test.c
	ssl/ssl.h
	util/mkdef.pl
      789b1259
  9. Jul 22, 2014
  11. Jul 21, 2014
  13. Jul 20, 2014
  15. Jul 19, 2014
  17. Jul 17, 2014
  19. Jul 16, 2014
  21. Jul 15, 2014
  23. Jul 14, 2014
  25. Jul 13, 2014
  27. Jul 10, 2014
  29. Jul 09, 2014